Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Language
X-Ws-Request-Id
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
X-Device
NEL
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Server-Id
Content-Location
X-Response-Time
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
X-ASPNET-VERSION
EagleEye-TraceId
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TtlSet
X-Vname
X-PC
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
X-Content-Type
Fusion-Content-Id
Fusion-Template-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-ESI
X-Abt-Application-Version
X-Server-Name
Display
X-Middleton-Display
Pagespeed
Response
X-Middleton-Response
X-Pinterest-Rid
X-Sol
Pinterest-Version
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
Verso
X-DynaTrace
X-Cached
Service-Worker-Allowed
X-Webkit-CSP
MS-Author-Via
X-Element-Page-Cache
X-Fastly-Request-ID
X-B3-TraceId
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-TTL
X-Powered-By-Plesk
Content-MD5
X-Upstream
X-Version
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-SharePointHealthScore
AR-CACHE
SPRequestGuid
X-FastCGI-Cache
X-Forwarded-Proto
Ar-Sid
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-VARITI-CCR
X-CST
Accept-Ch
X-T
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Goog-Hash
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Jurisdiction
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
TP-L2-Cache
TP-Cache
X-Release
X-Content-Digest
X-Edge
S
SPRequestDuration
SPIisLatency
X-Amz-Rid
TCN
X-Ttl
X-Pinterest-Direct
RTSS
X-NWS-LOG-UUID
Cache-Tag
X-Server-ID
X-PressLabs-Stats
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Ratelimit-Remaining
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Recruiting
X-Kinsta-Cache
X-Cache-Hit
ServerID
X-Origin-Server
X-Page-Id
Accept-Charset
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
Mrf-Cache-Status
X-SRCache-Store-Status
Host
X-Mg-S
Alternate-Protocol
X-B
Accept-Ch-Lifetime
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Grace
X-ECACHE
X-Forwarded-For
X-Shield-Request-Id
X-Mobile-URL
X-DIS-Request-ID
X-Hostname
Nginx-Cache
X-Amz-Server-Side-Encryption
X-Ratelimit-Limit
Edge-Cache-Tag
X-Country-Code-Real
X-FTR-Backend
Filterid
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Expires
X-FireWall-Port
X-HP-Webp
Realpath
X-Seen-By
X-Content-Options
X-Hits
X-Load-Cache
X-Git-Hash
X-LB-Cache
X-F-Cache
X-Az
X-Activity-Id
X-Jobs
X-AppVersion
X-N
X-Request-Guid
X-App-Environment
X-Type
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-Varnish-Grace
Paypal-Debug-Id
Fastcgi-Useragent
X-Rid
X-Daa-Tunnel
Cache-Tags
X-WebKit-CSP-Report-Only
X-Zen-Fury
DynaTrace
X-Upgrade-Enabled
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Proxy
X-TEC-API-VERSION
Cleartype
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cached-By
X-FB-Debug
X-Akamai-Edgescape
X-App-Server
X-Id
X-Cache-Age
Powered-By-ChinaCache
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
DC
X-Cache-Operation
X-Cache-Rule
X-Content-Powered-By
Content-Disposition
X-Host-Name
X-Correlation-ID
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Respond-Thread
X-HS-Cache-Config
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-HS-Hub-Id
X-HS-Content-Id
X-User-Agent
X-HS-Combine-CSS
X-IPLB-Instance
X-B3-Sampled
X-Response-Served-From
X-Accel-Buffering
X-AOL-HN
X-Wix-Request-Id
X-B-Cache
X-Original-Request-Id
X-Signature
X-Debug-Info
MS-CV
X-Whom
Healthy
Akamai-Age-Ms
X-Region
AMP-Access-Control-Allow-Source-Origin
Payment
X-HTML-Minification-Powered-By
X-Frontend
X-FW-Dynamic
X-Ua
X-VCache
X-FW-Type
X-Is-Bot
X-Rendered-As
X-UUID
X-Rule
X-FW-Server
X-FW-Static
X-Distributor
X-Cacheable-TTL
X-FW-Hash
X-FW-Serve
X-Endurance-Cache-Level
X-Instance
X-Mobile
X-Cache-Time
Datacenter
NGB
Refresh
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Tumblr-User
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
Countrycode
X-Via-JSL
X-Protected-By
Nel
S-Cnection
X-Acc-Debug-Context
X-XRDS-LOCATION
X-App-Version
PB-RID
Liferay-Portal
PB-PID
Arc-Version
Viewport
X-Varnish-Server
Charset
X-Backend-Name
X-Ah-Environment
X-Tec-Api-Version
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Hyper-Cache
X-Tec-Api-Root
Filters
X-PHP-Backend
X-Cache-Expired-At
X-Cache-Server
X-Azure-Ref
Retry-After
X-NewRelic-App-Data
Section-Io-Cache
X-Amz-Replication-Status
X-Litespeed-Cache
Referer-Policy
X-Fastcgi-Cache
X-Cache-Action
X-DynaTrace-JS-Agent
X-Sucuri-ID
X-WA-Info
X-Proxy-Cache-Status
X-Source
X-Cache-Control
X-EdgeConnect-Cache-Status
GEO-INFO
Version
Powered
X-L-Path
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Real-IP
X-Framework
X-Environment-Context
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Yottaa-Optimizations
X-Yottaa-Metrics
Frame-Options
Ms-Operation-Id
X-GeoIP
X-Mode
X-RTag
X-Air-Hostname
X-Unique-Id
X-Revision
X-Time
X-From
X-Cache-Host
X-ProxyCache-Key
X-Correlation-Id
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Cache-TTL-Remaining
X-Qloud-Router
X-BYPASS-REASON
X-Xfnlog-Site
Uber-Trace-Id
X-Time-Microsecs
X-TNCMS
X-Loop
X-LJ-Flow-ID
X-VWS-Id
X-OCL
Mn-Server-Ip
X-PHP-Host
X-PCL
X-Labrador-Cache-Channel
X-Human
X-Debug-Cache
X-Cluster
Cache-Tv-Group
DB-Nickname
X-Server-W
X-Hosted-By
Ec-Rule-Version
X-FW-Version
Cross-Origin-Window-Policy
X-AWS-Id
X-FB-TRIP-ID
X-Hp-Webp
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Amzn-Remapped-Content-Length
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Server-Name
TWC-Device-Class
X-Handled-By
X-Routing-Service
X-Site-Version
X-Zipkin-Id
X-Status
X-Redis-Cache
X-Origin-Hint
Property-Id
X-Hl-Ver
X-Locale
X-NYM-Debug-Backend
X-Detected-As
X-Proxied
X-CSRF-Token
X-BCube-Filmed-By
X-Be
X-Device-Type
X-Access
X-Format
X-Proto
X-Via-Fastly
X-Section
X-Ratelimit-Reset
X-Drupal-Cache-Contexts
X-Generated-By
X-ServerID
Cache
X-Sucuri-Cache
X-Cache-PHP
FSS-Cache
X-JoinUs
Selected-Fe
X-Proxy-Build
X-No-Session
X-ATG-Version
X-Timing-Wait
X-SaId
X-FTR-Cache-Host
X-Drupal-Cache-Tags
X-Contextid
From-Origin
Webserver
X-Varnish-Cache-Hits
X-CDN-Forward
X-URL
X-NCache
X-Origin
CF-Cached-On
X-NWS-UUID-VERIFY
X-Adobe-Loc
X-Adobe-Content
OT-Force-Account-Verify
X-NC
CACHE
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-AIR-PT
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-TA-CDN-Provider
X-GoCache-CacheStatus
Azure-SiteName
Azure-Version
X-IPS-LoggedIn
X-Tt-Trace-Tag
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
X-TT
X-Akamai-Transformed
X-EIG-Tracking-Id
VIX-Pulpo-Node
X-IP
X-Bc-Bl
X-Cache-Enabled
X-TIME
X-EC-Lua
X-Esi
X-Backend-Host
X-ECache
SD-X-WS
X-CCM
X-APP-VERSION
X-Adobe-Source
X-Cache-2
Access-Control-Request-Headers
X-Ruxit-Js-Agent
X-Cache-Backend
X-Tumblr-Pixel-3
Upgrade-Insecure-Requests
X-B3-Traceid
X-ShopId
X-ShardId
X-Vgn-Hpd-Variations-Key
X-Shopify-Stage
X-Pubstack
X-Vgn-Hpd-Cached
X-PERF
X-Storefront-Renderer-Rendered
X-Soup
X-Viewer-Country
X-Cache-Grace
Node
X-Cdn
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Backend-TTL
X-Forwarded-Host
X-ApacheServer
X-External-Request-Id
X-Destination
X-Trv-Group
DCR-Processing-Time-Ms
X-Say-Cacheable
X-Rojux
X-Web-Node
X-Processor
X-Transaction
Fastcgi-X-Cache-Version
Decoy-Debug-Status
Apple-News-Services-Request-Url
X-PBS-Appsvrname
Apple-News-Services-Parsed-Url
X-Cluster-Name
X-A
X-Connection-Hash
X-PAYTM-SRV-ID
Apple-News-Services-Host
Apple-News-Services-Handled
Decoy-Debug-TTL
X-G
DCR-Decision-By
Decoy-Debug-Key
X-D
Cache-Status
Fastly-SSL
X-Worker
X-VG-WebServer
X-A-Dcw
X-Storage
X-A-Dam
X-Route-Name
X-Vdms-Version
X-Vtex-Remote-Cache
MD5-Digest
X-B-Cookie
X-A-Dgt
Meta-Geo-Continent
Mobile-Detection-Method
X-Providence-Cookie
X-Aed
Rendered-Blocks
X-Cache-NE
X-Vtex-Processado-Em
X-Request-UUID
X-Rewrite-Enabled
X-A-Ccd
X-S
X-A-Wwc
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Application
X-Vdms-Path
Machine
X-ScT
Host-ID
X-S-Cookie
X-RCS-CacheZone
X-ARC
X-SayCDN-TTL
X-VG-WebCache
X-Say-TTL
Xc-Version
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Config
X-Varnishpool
X-Ms-Version
CDN-RequestId
Platform
X-Clara-WADP
X-TX-ID
CDN-CachedAt
Fastly-SWR
X-Date
X-Fmm-Version
X-Cache-Bucket
Surrogated-Key
CloudFront-Viewer-Country
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Ms-Request-Id
CDN-Uid
X-VG-TLSProxy
X-Generation-Time
CDN-EdgeStorageId
X-Rebelmouse-Cache-Control
CDN-PullZone
X-Accel-Expires-Debug
X-LAGOON
CDN-Cache
Fastly-SIE
X-Envoy-Decorator-Operation
Is-Eu
X-Micro-Cache
X-Variation
CDN-RequestCountryCode
X-WADP-Cache
X-Rebelmouse-Surrogate-Control
Adler-Geo
X-Servername
X-Varnish-Beresp-Grace
X-UA
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Country
X-NGENIX-Cache
Time
Backend
Wxu-Next-Region
X-Bip
L
X-Backend-State
X-Dispatcher-Server
NM-Fastcgi-Cache
Origin
Rt-Fastcgi-Cache
X-Cache-Id
X-Cache-NGX
Gh-Request-Id
Wxu-Next-Commit
X-Core-Mission
C-Via
X-Core-Value
X-CUA
X-Cms-Context
Country-Code
Wxu-Next-Hostname
Fastly-Drupal-HTML
X-Clientip
Akamai-GRN
X-Old-Content-Length
X-Varnish-Ttl
X-UPSTREAM-Address
X-OVcl
X-OVcl-Cache
X-Minions-Version
X-Microcachable
X-Li-Pop
X-LI-UUID
X-Method
X-Owner
X-Platform
X-Slack-Backend
X-SN
X-Thanos
X-Platform-Server
X-Webstats-RespID
X-Skip-Cache
X-Policy
X-Wikidot-Static-Cache
X-Li-Fabric
X-Wikidot-Backend
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Gzip
X-Request-Host
X-Hash
X-Req
X-Render-Time
X-Varnish-Cacheable
X-Esi-Check
X-Request-Start
X-Fastly-Backend
X-Up
X-Auto-Login
Now
X-Varnish-Remaining-TTL
Mail-Subject
X-Cdn-Srv
L5d-Success-Class
We-Hiring
X-DefHash
X-Cache-Tags
X-Cache-Date
Memcached
X-Reqid
X-Varnish-CookieHashed-On
PFcat
X-Varnish-CookieINHashed-On
X-Cache-URL
X-CS
X-JWT-State
X-Is-Gdpr
X-Csrf-Jwt
X-Level-Front-Cache
CacheControlHeader
X-HN
AKAMAI
X-Developers
X-Eu-Site
X-Gamma-Serve
X-Generated-On
X-Has-Esi
X-Amz-Meta-Cb-Modifiedtime
X-Content-Age
X-DefElseHash
Group
Ha-Gx-Prefs
HA-Ipaddr
X-CGP
Fastly-Backend-Name
X-VarnishDD-TTL
X-Mvc-Supplant-Cachable
X-Edge-Location
Ufe-Result
X-CACHE-AGE
X-Aicache-OS
X-Proxy-Upstream
FSS-Proxy
X-Wa
Pagetype
X-Location
X-Geo-Header
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Session-Fingerprint
X-Branch-Name
UCS
X-Cache-Debug
X-DC
X-Refresh
X-NODE
X-LB-ID
X-Via-Popn
X-PF-Uncompressing
X-Agile
X-Via-Poph
X-Page-View
X-Agile-Age
X-Agile-Id
X-BC
X-ZONE
HostName
X-B3-Spanid
X-RateLimit-Remaining
X-GEO
M-TraceId
X-Servedbyhost
SRV
NGX
X-LI-Proto
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Ftr-Cache-Host
X-Datadome
X-Ua-Device
X-Mvc-Supplant-OutputCached
Hostname
X-Dc
X-Via-CDN
Arc-Country
X-Instart-Request-ID
X-SERVER
Xserver
X-Cdn-Forward
X-Request-Time
Cdn-Host
Viewtype
X-Nginx-Cache
VivaBuild
X-Check-Cacheable
X-Edge-Server
X-Varnish-Hostname
Cdn-Request-Time
X-NU-AKA-ACS-Version
X-RunCloud-Cache
X-Sql-Count
X-Sql-Duration-Ms
X-Zone
X-VCL-Version
X-Bc
X-Via-Ucdn
X-FPC
X-SERVER-NAME
Srv
X-Action
X-SRV
WebServer
X-NGINX-Cache
X-APP
Memory
X-Cluster-Node
X-UnsetCookies
X-LiteSpeed-Cache-Control
X-Via-Edge
X-Via-SSL
X-Cs
X-DW
Edge-Copy-Time
X-DSS
X-Vgn-Hpd-Ssi
X-RSL
X-DB
X-CF-Powered-By
X-Via-Popv
X-RPM
X-Cache-Remote
X-HS-Status
WWW-Authenticate
X-DI
X-RPS
SID
X-ID
X-Www-Served-By
ProcessTime
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-Oss-Cdn-Auth
X-CSRF-TOKEN
X-Srv
GeoIp-Country-Code
X-Svr
XServer
X-LLID
NtCoent-Length
Geoip-Latitude
On-Server
X-MP-GENERATED-AT
X-Vcache
ServedBy
Cache-Hits
X-Geo
X-S-Maxage
X-We-Are-Hiring
Apigw-Requestid
X-Dynatrace-Js-Agent
Geo-Info
X-Unique-ID
User-Agent
X-Hit
T-Server
X-Akamai-Request-ID2
GeoIP-Country-Code
Amp-Access-Control-Allow-Source-Origin
GeoIP-Latitude
Sid
Server-Info
W
Processtime
X-FORWARDED-FOR
LB
X-Pass-Why
Ohc-File-Size
X-Epic-Correlation-Id
X-MSEdge-Features
X-MSEdge-Flight
X-HOST
Pics-Label
X-Presslabs-Stats
CF-IPCountry
S-Rt
N-Cache
Server-Host
X-Envoy-Upstream-Healthchecked-Cluster
X-Tb
X-HITS
X-Varnish-Hits
X-FC-Vary-Parameters
Magicmarker
Protected
X-Pjax-Url
X-Cache-Hfrom
Accept-Language
X-Cache-Hm
X-Vcl-Version
X-Mobile-Rewrite
Cdn
X-Fpc
X-SB
X-VC
WZWS-RAY
X-Webkit-CSP-Report-Only
X-Nc
A
X-Info
Esi-Enabled
Cteonnt-Length
X-Erf-Stays-Bingo-Pdp-Web
CDN
X-Fastly-Country-Code
X-Key
Ohc-Cache-HIT
X-CACHE-KEY
X-Uri
X-COUNTRY
Lb
Origin-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Newrelic-Synthetics
X-Newrelic-App-Data
Origin-Edge-Control
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Via-NSCOPI
Proxy-Firewall
Tracecode
X-TT-LOGID
User-Cache-Control
X-Instart-Info
X-Dispatch
X-Acc-Rdl
X-StackifyID
X-Geo-Region
Ssr
DSUID
X-ServedByHost
X-Li-Proto
X-B3-SpanId
Odigeo-Trace-Id
Powered-By
X-Provided-By
X-Dynatrace
X-UA-Device-Type
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
X-Magnolia-Registration
X-Akamai-Pragma-Client-IP
Cache-Key
Lfy
X-TH-Server
X-Served-From
X-RAMCache
HitType
Cache-Name
Server-Ttl
X-Lb-Id
X-Cache-Tag
X-Origin-Date
X-Request-URI
X-Origin-TTL
Thinkindot-Control
True-Client-Country-4JS
X-Response-By
X-Rocket-Build-Number
V-Age
X-Origin-CC
X-Sigma
X-SD-PageType
Thinkindot-CacheControl-Type
X-Origin-Expires
Thinkindot-CacheControl
MIME-Version
Path
Locid
IsBot
FNAC-ModuleRouting
Instruction
Release
X-GeoIP-City
Sever-Int
SR-User-Adfree
Server-ID
Server-Hostname
Server-Ext
X-Origin-Time
Vix-Hermes-Req-Id
X-Gen-Mode
X-Loc
X-Node-Id
X-SRCache-Key
X-Gdpr
CDCHOST
X-Sigma-Backend
X-Cache-ASPX
X-Developer
X-Cache-Expires
X-SIPLIST1
X-Matched-Rule
X-Contensis-Viewer-Groups
X-Nginx-Cache-Key
X-Thinkindot-L3
X-SVT-ORM-RULES
Web-Mar-Node
X-API-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VServer
X-Cache-Info
X-BBC-Edge-Cache-Status
X-Hnp-Log
X-Varnish-Authentication
X-User
X-SVT-ORM-VERSION
X-Block-Status
X-Varnish-Url
X-Nyt-Route
X-Via-PopH
X-Via-PopV
D-Cc-Upstream
X-Via-PopN
X-TrackingId
Fastcgi-Cache-TTL
BehaviorPad-Version
X-Generated
Cache-Provider
X-Cc-Via
X-Men
X-Cc-Req-Id
X-Scheme
X-No-Cache
CountryCode
X-ElasticPress-Query
X-Fetched-On
X-Cdn-Origin
X-Generated-In
Kp-EeAlive
X-Device-Os
Cache-Host
X-Parent-Response-Time
X-NodeID
Xet-Cookie
X-LiteSpeed-Tag
X-RateLimit-Limit-Second
Pramga
X-RateLimit-Remaining-Second
X-Batcache
X-Server-IP
X-ServiceProvider
X-VC-Cache
X-Agile-Brick-Ok
X-Swa-Ws
X-Traceid
X-Trace-Id
X-Cache-Spec
X-Var-Ttl
X-Azure-Ref-OriginShield
X-BBXSRF
X-Tt-Logid
X-App
X-Sn-Servicetimems
X-WA
Tcn
Req-Svc-Chain
X-Planisys-CDN-Rules
X-RateLimit-Limit
X-HostName
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Cf-Alt-Svc
Who
Dnion-Transfer-Encoding
X-Varnish-Beresp-TTL
X-PJAX-URL
X-Yottaa-OS
Inserted-Into-Cache-At
X-Pf-Uncompressing
X-Selected-Name
X-Selected-Host-Header
X-Selected-Scheme
X-Path-Route
X-B3-Parentspanid
X-Apw-Hits
Resin-Trace
X-Snapshot-Date
X-Request-URL
Source
Cf-Device-Type
X-BBC-Origin-Response-Status
X-Vgn-Hpd-Reason
X-MiniProfiler-Ids
X-Dw-Trace-Id
Vha6-Origin
X-Proxy-Cachei7
Mime-Version
X-C
X-Apw-Access-Object
X-Apw-Access-Action
PICS-Label
Pragrma
X-Apw-Access-Token